6 matches found
CVE-2026-5222
A flaw was found in rust-cargo. The Cargo tool, used for managing Rust projects, incorrectly handled the URLs of third-party registries when using the sparse index protocol. This vulnerability could allow an attacker, who is able to publish packages in a registry, to obtain sensitive credentials...
UBUNTU-CVE-2026-5222
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...
CVE-2026-5222
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...
CVE-2026-5222
CVE-2026-5222 affects Cargo (versions 1.68–1.96) where URLs of third-party registries using the sparse index protocol are incorrectly normalized. If a hosting provider lets multiple registries share a domain with arbitrary names, an attacker who can publish crates in a registry could obtain crede...
CVE-2026-5222 Cargo can be coerced to share credentials between registries
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...
CVE-2026-5222
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...